AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-06-04 · Documentation medium

File: bedrock-agentcore/latest/devguide/identity-update-api-key.md

Summary

Added option to update API keys via AWS Secrets Manager in addition to direct input. Introduced selection method with two options: direct entry or Secrets Manager reference.

Security assessment

Adds documentation about secure secret management option (Secrets Manager) but doesn't address a specific security vulnerability. Enhances security posture documentation.

Diff

diff --git a/bedrock-agentcore/latest/devguide/identity-update-api-key.md b/bedrock-agentcore/latest/devguide/identity-update-api-key.md
index bef3eeeb4..b2b028148 100644
--- a//bedrock-agentcore/latest/devguide/identity-update-api-key.md
+++ b//bedrock-agentcore/latest/devguide/identity-update-api-key.md
@@ -19 +19,11 @@ You can update an existing API key to replace the key value when your external s
-  4. In the **Update API key** dialog, in **API key** , enter the updated key value provided by your external service. AgentCore Identity securely stores this new value and makes it available to your agent at runtime.
+  4. In the **Update API key** dialog, for **API key selection method** , choose one of the following options:
+
+    1. **Provide API key** – Enter the API key value directly.
+
+      1. For **API key** , enter the updated key value provided by your external service. AgentCore Identity securely stores this new value and makes it available to your agent at runtime.
+
+    2. **Provide API key via Secrets Manager** – Reference a secret stored in AWS Secrets Manager instead of entering the value directly.
+
+      1. For **Secrets Manager** , enter or select the ARN of the Secrets Manager secret that contains your API key.
+
+      2. For **JSON key** , enter the JSON key in your Secrets Manager secret that contains the API key value.